- DDI RULE 2889
ANTSWORD - HTTP (Request)
This is the Trend Micro detection for packets passing through the HTTP network protocol that manifest hacking tool actions, which can generally crack or break system and network security measures. Hacking tools have different capabilities depending on the systems they have been designed to penetrate. System administrators and malicious actors may take the same approach in using hacking tools but have different intent. Both want to identify possible avenues for intrusion, but system administrators do so to test the security of the system, while malicious actors take advantage of those avenues.
Attack Phase: Intelligence Gathering
Protocol: HTTP
Risk Type: SPYWARE
Threat Type: Grayware
Confidence Level: High
Severity: Medium (Inbound)
DDI Default Rule Status: Disable
Event Class: Grayware
Event Sub Class: Hack Tool
Behavior Indicator: Hack Tool
APT Related: YES
If scanning fails to detect a malware infection: